diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-08 20:09:16 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-08 20:09:16 +0100 |
| commit | 1f21f0eb7334730a11b51f8bbef84253add765b3 (patch) | |
| tree | da48f97a4402562444f9370242dba1bb85eb0e65 /apps/dav/lib | |
| parent | 2659661cb03e23930e9cd47fefd2b1e39fdcad78 (diff) | |
| parent | 4a38793d111f68d9b00eaff4804293fd10d89a5f (diff) | |
| download | nextcloud-server-1f21f0eb7334730a11b51f8bbef84253add765b3.tar.gz nextcloud-server-1f21f0eb7334730a11b51f8bbef84253add765b3.zip | |
Merge pull request #21491 from owncloud/webdav_auth_no_basic_auth
Also allow 'only cookie' auth to webdav
Diffstat (limited to 'apps/dav/lib')
| -rw-r--r-- | apps/dav/lib/connector/sabre/auth.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/apps/dav/lib/connector/sabre/auth.php b/apps/dav/lib/connector/sabre/auth.php index 7f4f4a531b1..02b88390bad 100644 --- a/apps/dav/lib/connector/sabre/auth.php +++ b/apps/dav/lib/connector/sabre/auth.php @@ -151,7 +151,10 @@ class Auth extends AbstractBasic { */ private function auth(RequestInterface $request, ResponseInterface $response) { if (\OC_User::handleApacheAuth() || - ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) + //Fix for broken webdav clients + ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) || + //Well behaved clients that only send the cookie are allowed + ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) ) { $user = $this->userSession->getUser()->getUID(); \OC_Util::setupFS($user); |